Large-scale deployment of e-commerce solutions between various enterprises over public networks requires careful consideration of security issues. This is best explained through an example.
Two companies, company A and company B, have a formal agreement for making business transactions (i.e., any legally binding action between persons or organizations), such as an offer, an order or a cancellation. The possible set of transaction types between A and B may be denoted by T(A,B)={T1, T2, . . . , Tn} where for example T ∈ T(A,B) may denoteT→“purchase X units of product Y at price P per unit”.
The transaction types denoted by the set T(A, B) may be assumed to be general, and at the actual time when the particular transaction takes place, additional details beyond those given in the transaction descriptions of T(A,B) must be provided. For example, for transaction T, the requester will supply values for X, Y, and P, which are expected to vary over time.
The problem of specifying the set of transactions T(A, B), how they will be performed, the data exchanged and so on, could be solved using Electronic Data Interchange (<<EDI>>) syntax, such as in ISO 9735, available at http://www.r3.ch/standards/edifact/index.html. Further, these companies must coordinate over the Internet to fulfill their general transactions as specified in the set T(A,B).
A typical situation would be for a user UA of company A to receive a transaction of type T ∈ T(A,B) from a user UB, that purports to be under the control of company B. Let us assume that UA is presented with a request from company B for company A to make X=1000 units of product Y at price P=$1 per unit and further that the user operates through software operating through a public network. Since the request originates from a public network, there are at least three security issues that UA may consider: (1) should the details (X, Y, P, UA, UB) of the transactions be confidential and encoded for integrity? (2) how does one verify that the user UB requesting the transaction is in fact controlled by company B? and (3) even if it is known that the user UB requesting the transaction is employed by company B, it is not clear how one verifies that UB is in fact authorized to request such a transaction for the given values of X, Y and P.
The first two points can be addressed using standard security protocols and cryptographic algorithms, as described in A. Menezes, P. van Oorschot, and S. Vanstone; Handbook of Applied Cryptography, CRC press, 1996. In particular, with public key cryptography each user Ux can be issued with one or several certificates (such as those described in ISO/IEC 9594, Information Technology—Open Systems Interconnection—The Directory: Authentication Framework, 1993) that can be used to demonstrate their identity through the use of digital signatures.
If UA and UB are acquainted personally then that existing trust relationship may be sufficient for UA to accept the request from UB as authorized, and this is how many inter-enterprise transactions are currently conducted. In this case, UA and UB have established some trust relationship, either specifically for the purpose of conducting future transactions, or perhaps the trust has been gained by successful previous transactions. However, general e-commerce will bring together people and companies who will have no prior business or trust relationships, and the transaction then must somehow be ‘self-authorizing’. Traditionally authorization to data, applications, resources, or more generally simply objects, is administered using some form of access control. See D. E. Denning; Cryptography and Data Security. Addison—Wesley Publishing Company, 1982. In its most general form, there exists an access control matrix M that explicitly lists the access rights each user has with respect to each object O. As there may be many users Ui and objects Oj, the access control matrix M can be difficult to manage.
Perhaps the most common type of authorization is for there to be a general written document/form describing a transaction T, where certain details are provided by the requester at the time of the request, and the requester is then required to collect a set of handwritten signatures on the paper form, from one or several people who are able to approve transactions or requests of type T. For example, T may be a travel request form, which requires that the destination, duration of stay, expected costs and methods of transport be provided. The requester fills in these details, signs the request, and then takes the form to various superiors for their signatures in the appropriate places provided on the form. Typically the places in the form where a signature is required are labeled by the role of the people whose signatures are required, such as manager, department head or CEO.
This form of authorization is called the form-signature model, or authorization by co-signatures, or co-signing data. For example, the travel request transaction (T=‘travel request’) may require the signature of the requester, the requester's manager and then the department head of the requester. Once the required signatures have been collected, the requester uses the signed document to authorize the transaction, say to have a travel agent book flights or hotels. Usually the travel agent is not concerned with verifying the details of the travel request, other than general checks such as the return date is after the departure date, or that some threshold of expense is not exceeded. What is of importance to the travel agent is the set of signatures accompanying the request, and the roles represented by these signatures. For many office tasks that do not involve significant amounts of funds, the form-signature model is adequate for granting task authorization. However, where more significant amounts of funds or resources are committed by the transaction, it becomes important to be certain that each signature is both authentic, and that the collection of signatures does, in fact, bind the company. In these cases, it becomes necessary to obtain direct approval of every transaction from an enterprise authority (i.e., Transaction Administrator such as the President, comptroller, or other officer) for confirmation that the lower level employees had authority to authorize the transaction.
A form-signature model for e-commerce includes: (1) an electronic representation of the task and the information required to perform the task (such as dates, costs, names), (2) a signature mechanism, and (3) a mechanism to relate the signatures accompanying the electronic task data to privilege for granting authorization for the task. Generally speaking, (1) and (2) can be solved directly using current methods and technology, while (3) has not yet be adequately addressed. With respect to (1) and (2), paper-based forms can be represented electronically as HTML or word-processor documents, and for a task T, let D(T) denote the electronic form/template of task T. If T is a ‘travel request’ then for example D(T) may be a HTML document requesting details of the trip to be taken, and there will also be a list of roles where users acting in these roles must sign the travel request details. Also there are several schemes for providing digital signatures, such as RSA or DSS, so the basic tools to implement the form-signature model in e-commerce are available. The more difficult part in the e-commerce form-signature model is to determine or verify that the set of collected signatures implies authorization for the task.
If a user U digitally signs data, it is implied that U has a public key Pub(U) and a private key Pri(U) such that Pub(U) is stored in a certificate, which we will denote as Cert(U). The certificate Cert(U) is stored in a public database or directory, so anyone may retrieve it and verify a signature purportedly produced by U with Pri(U). The certificate Cert(U) contains one or several names/identifiers for U, so U can be uniquely identified as the user who produced the signature. However in considering if another user is verified to request transaction T by examining a set of signatures on D(T), the important aspect is not so much who produced each signature but whether they have the authority to authorize T.
Therefore, what is needed is a method that frees the enterprise authority from having to verify every transaction and which enables efficient authorization and verification of authorization of e-commerce contracts, using standard security or cryptographic protocols, over an insecure public network. Still further, what is needed is a method for performing inter-enterprise authorization that reveals minimal information about the decision structures of the respective companies.